Basic ACL Application on H3C Devices
Configure basic ACL filtering so that PCA cannot reach PCB:
[RTA] int G0/0
[RTA-G0/0] ip add 192.168.0.1 255.255.255.0
[RTA-G0/0] undo shutdown
[RTA-G0/0] int S6/0
[RTA-S6/0] ip add 192.168.1.1 24
[RTA-S6/0] undo shutdown
[RTA] rip
[RTA-rip-1] ver 2
[RTA-rip-1] undo summary
[RTA-rip-1] network 192.168.0.0
[RTA-rip-1] network 192.168.1.0

[RTB] int G0/0
[RTB-G0/0] ip add 192.168.2.1 255.255.255.0
[RTB-G0/0] undo shutdown
[RTB-G0/0] int S6/0
[RTB-S6/0] ip add 192.168.1.2 24
[RTB-S6/0] undo shutdown
[RTB] rip
[RTB-rip-1] ver 2
[RTB-rip-1] undo summary
[RTB-rip-1] network 192.168.1.0
[RTB-rip-1] network 192.168.2.0
PCA: 192.168.0.2 255.255.255.0  GW: 192.168.0.1
PCB: 192.168.2.2 255.255.255.0  GW: 192.168.2.1
At this point the network is fully reachable end to end (ping from PCA to PCB):
C:\Documents and Settings\xiaofei>ping 192.168.2.2

Pinging 192.168.2.2 with 32 bytes of data:

Reply from 192.168.2.2: bytes=32 time=16ms TTL=254
Reply from 192.168.2.2: bytes=32 time=1ms TTL=254
Reply from 192.168.2.2: bytes=32 time=2ms TTL=254
Reply from 192.168.2.2: bytes=32 time=1ms TTL=254

Ping statistics for 192.168.2.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 16ms, Average = 5ms
Configure basic ACL packet filtering on RTA so that PCA cannot reach PCB:
[RTA] firewall enable                      # enable the firewall (packet-filter) function
[RTA] firewall default permit              # default action for packets that match no rule: permit
[RTA] acl number 2000                      # create basic ACL 2000 (2000-2999: matches on source address only)
[RTA-acl-basic-2000] rule 0 deny source 192.168.0.2 0.0.0.0   # deny this host; wildcard 0.0.0.0 matches the single host, not its subnet (0.0.0.255 would match the whole /24)
[RTA-acl-basic-2000] quit
[RTA] int G0/0
[RTA-G0/0] firewall packet-filter 2000 inbound   # bind the ACL to the PCA-facing interface in the inbound direction
PCA can now no longer reach PCB or anything beyond RTA (the second ping below, to 192.168.1.1, targets RTA's own S6/0 address and fails as well). A basic ACL matches only the source address, and the filter is applied inbound on G0/0, so every packet PCA sends into RTA is dropped regardless of its destination; other hosts on 192.168.0.0/24 are unaffected because the 0.0.0.0 wildcard matches only 192.168.0.2.
C:\Documents and Settings\xiaofei>ping 192.168.2.2

Pinging 192.168.2.2 with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 192.168.2.2:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

C:\Documents and Settings\xiaofei>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
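To make the matching logic concrete, the following is an added example (written for this edit, not code from the original post or from H3C) that models how a Comware basic ACL with a wildcard mask decides the fate of the packets in the ping tests above. The wildcard semantics (a 0 bit must match, a 1 bit is "don't care"), first-match evaluation, the `firewall default permit` fallback and the inbound binding to one interface are implemented from scratch as an illustration; the `Router`, `BasicAcl`, `Rule` and `Packet` names and the sample packets are constructed for the example and are not H3C APIs.

```python
"""Model of an H3C basic ACL (2000-2999) applied inbound on one interface.

Added example, not from the original post. Wildcard matching and
first-match evaluation are implemented here from scratch to illustrate
the page's configuration; all class names and packets are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Address


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard-mask semantics used by H3C (and Cisco) ACLs.

    A 0 bit in the wildcard means "this bit must equal the base address",
    a 1 bit means "don't care".  So 0.0.0.0 matches exactly one host,
    0.0.0.255 matches a /24, and 255.255.255.255 matches any address.
    """
    a = int(IPv4Address(addr))
    b = int(IPv4Address(base))
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF   # bits that must match
    return (a & care) == (b & care)


@dataclass
class Rule:
    number: int       # rule ID; lower numbers are evaluated first
    action: str       # "permit" or "deny"
    source: str       # base source address
    wildcard: str     # wildcard mask applied to the source address


@dataclass
class BasicAcl:
    """A basic ACL matches on the packet's SOURCE address only.

    There is no destination or port field, which is why the page's single
    rule cuts PCA off from everything behind RTA, not just from PCB.
    """
    number: int
    rules: list = field(default_factory=list)
    default: str = "permit"   # the page's 'firewall default permit'

    def decide(self, src: str) -> str:
        for rule in sorted(self.rules, key=lambda r: r.number):
            if wildcard_match(src, rule.source, rule.wildcard):
                return rule.action          # first matching rule wins
        return self.default                 # nothing matched: default action


@dataclass
class Packet:
    src: str
    dst: str          # carried for realism; a basic ACL never looks at it
    ingress: str      # interface the packet arrives on


class Router:
    """Minimal model of 'firewall packet-filter <acl> inbound' on an interface."""

    def __init__(self) -> None:
        self.acls: dict[int, BasicAcl] = {}
        self.inbound: dict[str, int] = {}   # interface -> ACL number bound inbound

    def add_acl(self, acl: BasicAcl) -> None:
        self.acls[acl.number] = acl

    def packet_filter_inbound(self, iface: str, acl_number: int) -> None:
        self.inbound[iface] = acl_number

    def filter(self, pkt: Packet) -> str:
        acl_number = self.inbound.get(pkt.ingress)
        if acl_number is None:
            return "permit"                 # no filter bound here: forwarded as usual
        return self.acls[acl_number].decide(pkt.src)


def build_rta(wildcard: str = "0.0.0.0") -> Router:
    """RTA as configured on the page; 'wildcard' lets you widen rule 0."""
    rta = Router()
    acl = BasicAcl(number=2000, default="permit")
    acl.rules.append(Rule(0, "deny", "192.168.0.2", wildcard))
    rta.add_acl(acl)
    rta.packet_filter_inbound("G0/0", 2000)   # PCA-facing interface, inbound
    return rta


def page_scenario() -> dict[str, str]:
    """Verdicts for constructed packets matching the page's ping tests."""
    rta = build_rta("0.0.0.0")
    return {
        "PCA->PCB": rta.filter(Packet("192.168.0.2", "192.168.2.2", "G0/0")),
        "PCA->RTA S6/0": rta.filter(Packet("192.168.0.2", "192.168.1.1", "G0/0")),
        "other LAN host->PCB": rta.filter(Packet("192.168.0.3", "192.168.2.2", "G0/0")),
        "PCB->PCA": rta.filter(Packet("192.168.2.2", "192.168.0.2", "S6/0")),
    }


if __name__ == "__main__":
    for flow, verdict in page_scenario().items():
        print(f"{flow:22} {verdict}")
    wide = build_rta("0.0.0.255")
    print("with wildcard 0.0.0.255, 192.168.0.3 ->",
          wide.filter(Packet("192.168.0.3", "192.168.2.2", "G0/0")))
```

Two points the model makes visible: swapping the wildcard to 0.0.0.255 silently widens rule 0 from one host to the whole 192.168.0.0/24, and a packet carrying PCA's source address that arrives on S6/0 is never checked, because the filter is bound to G0/0 inbound only. Both are reasons to verify an ACL with test traffic from each side, as the page does, rather than trusting the rule text.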
Reposted from: https://blog.51cto.com/xiaoliufei/962516